Security News

Mozilla has begun rolling out a new security feature for its Firefox browser in nightly and beta channels that aims to protect users against a new class of side-channel attacks from malicious sites. "This fundamental redesign of Firefox's Security architecture extends current security mechanisms by creating operating system process-level boundaries for all sites loaded in Firefox for Desktop," Mozilla said in a statement.

Mozilla has started rolling out the Site Isolation security feature to all Firefox channels, protecting users from attacks launched via malicious websites. Until today, Site Isolation could only be enabled by users of Firefox Nightly, the release channel used by Mozilla to test new features not yet ready for a wider rollout.

The Mozilla Foundation fixed a flaw in its Firefox browser that allowed spoofing of the HTTPS secure communications icon, displayed as a padlock in the browser address window. Successful exploitation of the flaw could have allowed a rogue website to intercept browser communications.

This month, Mozilla has announced plans to phase out support for the Firefox web browser app on the Amazon Fire TV product line. Although Firefox will be no longer supported on Fire TV effective at the end of this month, Amazon Silk web browser app remains available to Fire TV users.

Mozilla volunteers have recently been flooded with online merchants and marketers' requests for their domains to be added to what's called a Public Suffix List. Public Suffix List is an initiative of the Mozilla community volunteers to maintain a list of top-level domains and domains that should be treated as one to prevent the mixing of cookies between distinct domains.

Mozilla's attempts to augment its income continued apace with an update to the company's VPN subscription service. The update, which has landed less than a year since Mozilla first launched the service, adds two new features.

Mozilla has announced that it will introduce a more privacy-focused default Referrer Policy to protect Firefox users' privacy, starting with the web browser's next version. Once updated, the web browser will automatically trim user-sensitive information like path and query string information accessible from the Referrer URL. This URL is sent together with the HTTP Referrer header between websites during subresources requests and navigating between sites by clicking on links.

A newly uncovered cyberattack is taking control of victims' Gmail accounts, by using a customized, malicious Mozilla Firefox browser extension called FriarFox. FriarFox gives cybercriminals various types of access to users' Gmail accounts and Firefox browser data.

The Mozilla Foundation has released its latest version of the Firefox browser, which comes with new privacy protections to squash cross-site cookie tracking, as well as a slew of security vulnerability fixes. "Total Cookie Protection confines cookies to the site where they were created, which prevents tracking companies from using these cookies to track your browsing from site to site," said Tim Huang, Johann Hofmann and Arthur Edelstein with Mozilla on Tuesday.

Mozilla has revised the way the latest build of the Firefox browser handles HTTP cookies to prevent third-parties from using them to track people online, as part of improvements in build 86 of the code. The third-party cookies placed by these scripts can be read on other websites that also load tracking code and are often used to follow people from website to website in order to build interest profiles for behavioral ad targeting.